Return-Path: X-Original-To: apmail-trafficserver-users-archive@www.apache.org Delivered-To: apmail-trafficserver-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0424A17412 for ; Mon, 12 Jan 2015 17:42:08 +0000 (UTC) Received: (qmail 8733 invoked by uid 500); 12 Jan 2015 17:42:09 -0000 Delivered-To: apmail-trafficserver-users-archive@trafficserver.apache.org Received: (qmail 8666 invoked by uid 500); 12 Jan 2015 17:42:09 -0000 Mailing-List: contact users-help@trafficserver.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@trafficserver.apache.org Delivered-To: mailing list users@trafficserver.apache.org Received: (qmail 8656 invoked by uid 99); 12 Jan 2015 17:42:09 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 Jan 2015 17:42:09 +0000 Received: from [17.149.237.160] (unknown [17.149.237.160]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 31AAE1A0041 for ; Mon, 12 Jan 2015 17:42:09 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: forward proxy - Restricting domains. From: James Peach In-Reply-To: Date: Mon, 12 Jan 2015 09:42:10 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: <2F6C0BA9-FBF1-40AC-934C-5D7255E883B7@apache.org> References: <2116454793.1211049.1420836439863.JavaMail.yahoo@jws100130.mail.ne1.yahoo.com> <020F6313-BC97-4C0B-8A15-F525BF215F64@apache.org> <27A119AB-F067-4F3D-B84B-10627F517E14@collectivei.com> To: users@trafficserver.apache.org X-Mailer: Apple Mail (2.1993) > On Jan 12, 2015, at 9:23 AM, Paul Tader = wrote: >=20 >>=20 >> On Jan 9, 2015, at 3:51 PM, Paul Tader = wrote: >>=20 >>>=20 >>> On Jan 9, 2015, at 3:38 PM, Leif Hedstrom wrote: >>>=20 >>>=20 >>>> On Jan 9, 2015, at 2:29 PM, Paul Tader = wrote: >>>>=20 >>>> Doesn=E2=80=99t this break the forward proxy then? >>>>=20 >>>> # To enable forward proxy, you must turn off remap_required >>>> CONFIG proxy.config.url_remap.remap_required INT 1 >>>=20 >>> That=E2=80=99s somewhat confusing. remap_required disables =E2=80=9Cop= en forward proxying=E2=80=9D. ATS actually doesn=E2=80=99t know / care = about forward vs reverse proxy, it=E2=80=99s just a matter of what = requests you allow through. What this setting is saying =E2=80=9CWithout = an explicit rule matching in remap.config, deny the request=E2=80=9D. = There=E2=80=99s a similar one for reverse proxy. >>>=20 >>> =E2=80=94 Leif >>>=20 >>=20 >> Ok, thanks for clearing that up. What that said, I kept the setting = at =E2=80=9C1=E2=80=9D and changed the remap.config file to what=E2=80=99s= listed below. Unfortunately I was still able to to connect to sites = not listed in remap.config. =20 >>=20 >> .defflt internal_only @action=3Dallow = @src_ip=3D10.0.0.0-255.255.255.255 >>=20 >> .useflt internal_only >> map https://www.facebook.com https://www.facebook.com >> map https://www.yahoo.com https://www.yahoo.com >> map http://finance.yahoo.com http://finance.yahoo.com >>=20 >>=20 >> 1420840183.867 126 10.1.2.3 TCP_MISS/200 38458 GET = http://www.oracle.com/index.html - DIRECT/www.oracle.com text/html - >>=20 >> Not sure it matters, but I also have our networks IP=E2=80=99s listed = in ip_allow.config. =20 >>=20 >=20 > Is there an equivilent to .deactivatefilter in ATS 3? "unusefilter", "deactivatefilter", "unactivefilter", deuseflt", and = "unuseflt" are all synonyms. I thought that they had all been there = forever, but maybe some synonyms were not present in 3 ... J=